First published: Fri May 15 2015(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCut87743.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Email Security Appliance Firmware | =8.5.6-106 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-0734 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
To mitigate CVE-2015-0734, update your Cisco Email Security Appliance firmware to version 8.5.6-107 or later.
CVE-2015-0734 can enable remote attackers to perform cross-site scripting (XSS) attacks.
CVE-2015-0734 affects Cisco Email Security Appliance firmware version 8.5.6-106.
Yes, CVE-2015-0734 can be exploited by unauthenticated remote attackers through specially crafted requests.